BCA/CJDN Compliance [MNJIS-5002]

Article ID: 509
Category: Compliance
Applies to: 5.1.1 and later
Updated: 2024-04-30

EventSentry can help users be compliant with MNJIS-5002 and help secure CJI (criminal justice information). The BCA package contains a number of event log rules that can detect a variety of security incidents including:

  • Issues with the Windows audit subsystem
  • Lateral movement on the network
  • Performance issues
  • Port scans initiated from a host
  • Excessive failed logons
  • Permission changes
  • Suspicious network traffic
  • User accounts created
  • User password changes

It's recommended to tweak some of the filters in this package to reduce false positives, in particular:

  • Port Scan Initiated (adjust threshold)
  • Security Misc\Object Permission Change (exclude paths)
  • Security Misc\Malicious Network Traffic (exclude executables or IP addresses)
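
As an added illustration (not EventSentry's own rule logic and not part of this article), the following Python script applies the kinds of checks listed above to a handful of constructed Windows Security log records: a sliding-window threshold for failed logons, a path exclusion for object permission changes, and plain event-ID matches for account creation, password changes and audit-subsystem events. The event IDs are the standard Windows Security log IDs (4625, 4670, 4720, 4723/4724, 4719, 1102); the record layout, the `_ev` helper, the `run_rules` function and every sample value are assumptions made for this example.

```python
"""Threshold- and exclusion-based checks over constructed Windows Security events.

Added example, not EventSentry's BCA package code. The event IDs are the standard
Windows Security log IDs; field names and sample records are constructed here.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

# Constructed record layout (assumption): one dict per Security log entry.
def _ev(time, event_id, user, src_ip="", obj=""):
    return {"time": time, "id": event_id, "user": user, "src_ip": src_ip, "object": obj}

# Constructed sample data: six failed logons from one source in under a minute,
# two isolated failures from another source, two permission changes, one account
# created, one password reset by an administrator, and one audit-log clear.
SAMPLE_EVENTS = [
    _ev("2024-04-30T08:00:01", 4625, "jsmith", src_ip="10.0.0.5"),
    _ev("2024-04-30T08:00:07", 4625, "jsmith", src_ip="10.0.0.5"),
    _ev("2024-04-30T08:00:12", 4625, "admin", src_ip="10.0.0.5"),
    _ev("2024-04-30T08:00:20", 4625, "admin", src_ip="10.0.0.5"),
    _ev("2024-04-30T08:00:31", 4625, "svc_backup", src_ip="10.0.0.5"),
    _ev("2024-04-30T08:00:45", 4625, "jsmith", src_ip="10.0.0.5"),
    _ev("2024-04-30T08:03:00", 4625, "mlee", src_ip="10.0.0.9"),
    _ev("2024-04-30T08:15:00", 4625, "mlee", src_ip="10.0.0.9"),
    _ev("2024-04-30T08:20:00", 4670, "SYSTEM", obj=r"C:\Temp\scratch.txt"),
    _ev("2024-04-30T08:21:00", 4670, "jsmith", obj=r"C:\CJIS\reports\case-1001.pdf"),
    _ev("2024-04-30T08:30:00", 4720, "admin"),
    _ev("2024-04-30T08:31:00", 4724, "admin"),
    _ev("2024-04-30T08:40:00", 1102, "admin"),
]

ACCOUNT_EVENT_IDS = {4720: "user account created",
                     4723: "user changed own password",
                     4724: "password reset by another account"}
AUDIT_EVENT_IDS = {1102: "audit log cleared",
                   4719: "system audit policy changed"}


def excessive_failed_logons(events, threshold=5, window_minutes=5):
    """Return {src_ip: peak_count} for sources with at least `threshold`
    failed logons (4625) inside any sliding window of `window_minutes`.
    Raising the threshold or shrinking the window is the false-positive tuning."""
    window = timedelta(minutes=window_minutes)
    by_source = defaultdict(list)
    for ev in events:
        if ev["id"] == 4625:
            by_source[ev["src_ip"]].append(datetime.fromisoformat(ev["time"]))
    hits = {}
    for src, times in by_source.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until the span fits.
            while t - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[src] = max(hits.get(src, 0), count)
    return hits


def object_permission_changes(events, excluded_paths=()):
    """Return 4670 events whose object path matches none of the exclusion
    globs; excluding known-noisy paths is the 'exclude paths' tuning."""
    return [ev for ev in events
            if ev["id"] == 4670
            and not any(fnmatchcase(ev["object"], pat) for pat in excluded_paths)]


def tag_events(events, catalogue):
    """Return (event_id, description, user) for events listed in `catalogue`."""
    return [(ev["id"], catalogue[ev["id"]], ev["user"])
            for ev in events if ev["id"] in catalogue]


def run_rules(events, failed_logon_threshold=5, excluded_paths=()):
    """Apply all checks and return one findings dict for review."""
    return {
        "excessive_failed_logons": excessive_failed_logons(events, failed_logon_threshold),
        "permission_changes": [ev["object"] for ev in
                               object_permission_changes(events, excluded_paths)],
        "account_events": tag_events(events, ACCOUNT_EVENT_IDS),
        "audit_subsystem": tag_events(events, AUDIT_EVENT_IDS),
    }


if __name__ == "__main__":
    for rule, findings in run_rules(SAMPLE_EVENTS, excluded_paths=(r"C:\Temp\*",)).items():
        print(f"{rule}: {findings}")
```

The two knobs that matter for noise are the `threshold`/`window_minutes` pair on the failed-logon check and the `excluded_paths` globs on the permission-change check: with the defaults, the two scattered failures from 10.0.0.9 stay below the threshold while the burst from 10.0.0.5 is reported, and the scratch-file change under `C:\Temp` is dropped while the change to the CJIS report is kept.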

For more security-related features in EventSentry click here.

BCA Filter Rules